California Labor Code Section 980 governs an employer’s access to employees’ private social media accounts. Section 980 prohibits an employer from requiring an employee or applicant to:
Disclose a username or password for the purpose of accessing personal social media
Access personal social media in the presence of the employer
Divulge any personal social media information except as specifically permitted
There is a limited exception that permits an employer to access an employee’s social media in instances where the information is reasonably believed to be critical to an investigation into misconduct or a violation of law, and the information obtained may only be used for that limited purpose. But what should an employer do if it is given social media information by a co-worker that relates to another employee?
Given the relative newness of the law, there is little published case authority on the point. In one case, Ehling v. Monmouth-Ocean Hospital Service Corp., a paramedic sued her former employer for violating her privacy under the Stored Communications Act (“SCA”) and for wrongful termination in connection with the following post on her facebook page:
“An 88 yr old sociopath white supremacist opened fire in the Wash D.C. Holocaust Museum this morning and killed an innocent guard (leaving children). Other guards opened fire. The 88 yr old was shot. He survived. I blame the DC paramedics. I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a difference! WTF!!!! And to the other guards . . . go to target practice.”
Plaintiff had her privacy settings enabled such that only her “friends” could see her postings and the Court found it important that she had not “friended” any of her managers. One of her coworkers (who was “friends” with her) voluntarily shared this post with her supervisor. Shortly after, the employee was suspended for “deliberate disregard for patient safety.” The Court granted the employer’s motion for summary judgment on the basis that the employer had not violated the SCA because the information was given to it by someone who was authorized by Plaintiff to view it (her facebook “friend” co-worker).
The message of this case for employers is to be extremely cautious in handling employee social media information, no matter the source or manner by which it is obtained. The message of the case for employees is that there really is no such thing as privacy when it comes to postings on social media.
In part 2 of this series, we look at employer obligations regarding online harassment between employees.